Users utilize mobile devices to perform many different tasks, such as online transactions and workflow approvals. Some tasks require correct user credentials. A user may save a password in the mobile device, e.g. an application thereof, for convenience or other reasons. However, if the mobile device is lost and acquired by another person, this leaves the saved password susceptible to attack and gives the other person the ability to perform tasks in the name of the user. At the same time, if the other person is close to the user or otherwise has access to personal information about the user, the other person has a higher likelihood of guessing the user's password and gaining unauthorized access to the mobile device.